A cybercrime tool named ErrTraffic is proliferating malware through fake error pop-ups on compromised websites since 2026-01-07. It is designed to deceive users into executing malicious commands on various operating systems.
Methodology and Reach
ErrTraffic employs a straightforward JavaScript injection that ties a hacked site to an attacker's control panel. The script analyzes the visitor's OS and browser, displaying tailored pop-ups that suggest a browser update or font installation. This attack leverages Windows, Android, macOS, and Linux, while employing geolocation filtering to avoid Russia and adjacent regions.
- Hudson Rock Threat Intelligence found its promotion on Russian-language forums.
- ErrTraffic's package, priced around $800, includes a control panel and payload scripts.
- The attack requires users to manually paste commands, bypassing traditional defenses.
Potential Consequences
The campaign's conversion rate nearly reaches 60%, indicating successful penetration. On Windows, ErrTraffic primarily delivers infostealing malware like Lumma and Vidar, while Android devices receive banking trojans. Compromised credentials enable attackers to access further sites, perpetuating the malware spread.
Preventive Measures
To safeguard against ErrTraffic, users should avoid copying commands from external websites into PowerShell or terminal environments. Suspicious error pop-ups should be dismissed, as legitimate updates are sourced from built-in system tools or app stores. Employing robust antivirus software helps detect potential threats like infostealers. To minimize impact, personal information should be scrapped from data broker sites. Lifestyle changes, such as trusting native update mechanisms and avoiding immediate responses to pop-ups, can significantly impede scam success.
